[SM-949] Add endpoint to fetch events by service account (#3336)

* Add ability to fetch events by service account * Extract GetDateRange into ApiHelpers util * Add dapper implementation * Add EF repo implementation * Add authz handler case * unit + integration tests for controller * swap to read check * Adding comments * Fix integration tests from merge * Enabled SM events controller for self-hosting
2025-07-03 00:52:49 -05:00 · 2023-10-19 16:57:14 -05:00
parent c1cf07d764
commit 728cd1c0b5
15 changed files with 461 additions and 28 deletions
--- a/src/Api/SecretsManager/Controllers/SecretsManagerEventsController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsManagerEventsController.cs
@ -0,0 +1,52 @@
+using Bit.Api.Models.Response;
+using Bit.Api.Utilities;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Data;
+using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.AuthorizationRequirements;
+using Bit.Core.SecretsManager.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.SecretsManager.Controllers;
+
+[Authorize("secrets")]
+public class SecretsManagerEventsController : Controller
+{
+    private readonly IAuthorizationService _authorizationService;
+    private readonly IEventRepository _eventRepository;
+    private readonly IServiceAccountRepository _serviceAccountRepository;
+
+    public SecretsManagerEventsController(
+        IEventRepository eventRepository,
+        IServiceAccountRepository serviceAccountRepository,
+        IAuthorizationService authorizationService)
+    {
+        _authorizationService = authorizationService;
+        _serviceAccountRepository = serviceAccountRepository;
+        _eventRepository = eventRepository;
+    }
+
+    [HttpGet("sm/events/service-accounts/{serviceAccountId}")]
+    public async Task<ListResponseModel<EventResponseModel>> GetServiceAccountEventsAsync(Guid serviceAccountId,
+        [FromQuery] DateTime? start = null, [FromQuery] DateTime? end = null,
+        [FromQuery] string continuationToken = null)
+    {
+        var serviceAccount = await _serviceAccountRepository.GetByIdAsync(serviceAccountId);
+        var authorizationResult =
+            await _authorizationService.AuthorizeAsync(User, serviceAccount, ServiceAccountOperations.ReadEvents);
+
+        if (!authorizationResult.Succeeded)
+        {
+            throw new NotFoundException();
+        }
+
+        var dateRange = ApiHelpers.GetDateRange(start, end);
+
+        var result = await _eventRepository.GetManyByOrganizationServiceAccountAsync(serviceAccount.OrganizationId,
+            serviceAccount.Id, dateRange.Item1, dateRange.Item2,
+            new PageOptions { ContinuationToken = continuationToken });
+        var responses = result.Data.Select(e => new EventResponseModel(e));
+        return new ListResponseModel<EventResponseModel>(responses, result.ContinuationToken);
+    }
+}